The invention relates to a mobile station comprising a mobile end device having a secured runtime environment and a removable or firmly implemented security element, to a management server, and to a contents management system for the secured execution environment.
Mobile stations in the GSM and UMTS systems and similar mobile radio systems comprise a mobile end device, e.g. a mobile phone or smartphone, and a removable or firmly implemented security element. Connection data, e.g. the IMSI (International Mobile Subscriber Identity), keys and algorithms for operating a connection in the mobile radio network, are implemented in the security element. In the GSM or UMTS system the SIM card or USIM card (SIM=Subscriber Identity Module, USIM=Universal SIM) is known as a removable security element. As a firmly implemented security element the eUICC (embedded Universal Integrated Circuit Card), a firmly soldered component, is known. The communication with the security element is standardised by standards of the organisation ETSI (European Telecommunications Standards Institute).
In mobile end devices secured runtime environments, TEEs (TEE=Trusted Execution Environment), are known, in which execution environments of different security grades are separated from one another at the software level. Security-critical data and programs are stored under the management of the secured runtime environment. The remaining data and programs are stored in a normal runtime environment existing alongside the secured one. The insecure runtime environment, also referred to as “normal zone” or “normal world”, is controlled by a normal operating system (e.g. Android, Windows Phone, Symbian). The secured or trustworthy runtime environment, also referred to as “trust zone”, “trusted world”, “secure world” or “trusted execution environment TEE”, is controlled by a security operating system.
In particular, security-critical applications and some peripheral functions (e.g. the keyboard driver) are controlled in a secure manner by the security operating system. Applications under the security operating system are also referred to as trusted applications (e.g. by Global Platform) or in some cases as Trustlets (registered trademark), a name formed by association from the concepts “trust” and “applet”.
For example, the document “Global Platform Device Technology: TEE System Architecture, Version 0.4, Public Review Draft October 2011, Document Reference: GPD_SPE_009” describes a mobile end device having a normal or insecure execution environment “Rich Execution Environment (REE)” and a secure execution environment “Trusted Execution Environment (TEE)” (cf. chapter 1).
For the management of the contents (e.g. data, programs) in the security element the mobile radio network providers have a mature server infrastructure. It allows them to load messages containing the contents, formed according to ETSI standard, from a contents server via the mobile radio network (OTA, over the air) into the security element in a cryptographically secured manner.
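As an added illustration of the OTA loading just described (this is example code, not code from the patent or from any ETSI specification), the following simplified model is patterned after the secured command packet of ETSI TS 102 225 (a TAR, a replay counter and a cryptographic checksum over header and payload), but uses a truncated HMAC-SHA256 in place of the standard's algorithms; the key, TAR and payload are constructed values, and the receiver shows the checks a security element performs before accepting contents.

```python
# Added example: simplified model of an ETSI-style OTA command packet and the
# receiver-side checks (integrity + replay) in the security element. Not the
# real TS 102 225 format: SPI, KIc, KID, PCNTR and the standard's ciphers are
# omitted and a truncated HMAC-SHA256 stands in for the checksum.
import hashlib
import hmac

OTA_KEY = bytes(range(16))  # constructed shared OTA key (assumption, not a real card key)
MAC_LEN = 8                 # truncated checksum length used by this model


def build_command_packet(tar: bytes, counter: int, payload: bytes, key: bytes) -> bytes:
    """Constructed packet: TAR(3) | CNTR(5) | payload | MAC(8) over header+payload."""
    if len(tar) != 3:
        raise ValueError("TAR must be 3 bytes")
    header = tar + counter.to_bytes(5, "big")
    mac = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + mac


class SecurityElement:
    """Receiver side: accepts a packet only if its MAC verifies and its counter
    is strictly greater than the last accepted one (replay protection)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.installed = []  # (TAR, payload) of accepted contents

    def receive(self, packet: bytes) -> str:
        if len(packet) < 3 + 5 + MAC_LEN:
            return "rejected: short"
        header, payload, mac = packet[:8], packet[8:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            return "rejected: bad MAC"   # tampered or wrong key
        counter = int.from_bytes(header[3:8], "big")
        if counter <= self.last_counter:
            return "rejected: replay"    # counter must strictly increase
        self.last_counter = counter
        self.installed.append((header[:3], payload))
        return "accepted"
```

The verification order (MAC before counter) matters: the counter is only trusted after the checksum has authenticated the header that carries it.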
For the management of the contents in the secured runtime environment of a mobile end device a cryptographically securable infrastructure is likewise necessary. Conventionally, the contents of secured runtime environments, e.g. those according to Global Platform, are managed by a so-called trusted service manager.
Due to the higher security requirements of the secured runtime environment in comparison to the normal runtime environment, the infrastructure for the management of the contents of a conventional mobile end device is not sufficient. Nor is the server infrastructure for the contents management of the security element directly suitable for the contents management of the secured runtime environment, because the communication between the security element and a server is effected by means of messages according to ETSI standard, whereas messages to the secured runtime environment must meet other stipulations, e.g. those of the Global Platform organisation. A trusted service manager is able to transmit such messages conforming to Global Platform to the secured runtime environment in a secure manner. The operation of an additional secure server infrastructure for the management of the contents of the secured runtime environment, however, means a great organisational and financial expenditure for the mobile radio network provider.
The invention is based on the object of providing a mobile station having a secured runtime environment which makes possible an efficient and at the same time secure management of the contents (data, programs) of the secured runtime environment. Moreover, a matching management server for mobile stations is to be provided.